Simple breakthrough permissions setup vulnerability hanging horse
Today, I have to say the issue of permission settings, sometimes we got a shell, but the permissions were too low, I could only get stroll around the SEHLL site. For those who like to hang the horse in the server site, I will do it too. Pain.
Take an example, such as ASP injection, mobile network, dynamic, easy, dusty edge, etc., there are many, anyway, no matter what we now have a shell
When we get a WebShell, mainly to do something, to improve permissions, and have permission to know that there is a lot of Dongdong, a lot of knowledge here,
C: D: E: ..... C: / Documents and settings / all users / "Start" menu / program / see This can not jump, we can get a lot of useful information such as the path of Serv-U here. ,
C: / documents and settings / all users can jump to this directory, if the line is the best, directly under its CIF file, crack the pcanywhere password, login C: / Program Files / Serv-U /
C: / Winnt / System32 / config / its SAM, crack password
C: / winnt / system32 / inetsrv / data / is ERVERYONE full control, many times, not limited, upload the tower of the promotion, then execute C: / Prelc: / Program Files / Java Web Start / C: / Documents and Settings / c: / documents and settings / all users / c: / winnt / system32 / inetsrv / data / c: / program files / c: / program files / serv-u / c: / program files / Microsoft SQL Server / C : / Temp / C: / MySQL / (if the server supports PHP) C: / PHP (if the server supports PHP)
Run "CScript C: /ineTPub/adminscripts/adsutil.vbs Get W3SVC / Inprocessisapiapps" to improve permissions
You can also use this code to try to improve, it is not very ideal.
If the host setting is very metamorphosis, you can try the C: / Documents and Settings / All Users / "Start" menu / program / start "to write to the Trojan.
冰狐 网 木 木马 比 比, 马 的 代
